Security Blog

Feature development & monitoring tips

Category: Technical Blogs

June 17, 2020

So, what is DOM XSS?

Cross-Site Scripting (XSS) is one of the most widely covered web application issues around; however, it is surprising how poorly the DOM-based variant is understood. This blog aims to clear up that confusion by discussing the difference between traditional and DOM-based XSS: in the traditional (reflected and stored) forms the payload is embedded in the server's response, whereas in DOM-based XSS client-side script reads attacker-controlled input from a source such as location.hash and writes it into a dangerous sink such as innerHTML, so the payload may never reach the server at all.
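
As an added illustration of the source-to-sink pattern described above (example code written for this page, not code from the original post), the following minimal lexical scanner flags statements in which a client-side source flows into an HTML or code sink. The SOURCES and SINKS lists, the taint rules and the two snippets it is run over (VULNERABLE and its HARDENED rewrite) are all constructed for the example.

```javascript
// Added example, not code from the original post: a minimal lexical
// source-to-sink scanner that flags DOM-based XSS candidates in client-side
// JavaScript. The SOURCES/SINKS lists and the two snippets it is run over
// (VULNERABLE, HARDENED) are constructed for this example.
//
// What makes XSS "DOM-based": the attacker-controlled value is read by script
// from a client-side source (location.hash, location.search, document.referrer,
// window.name, ...) and written to a client-side sink that interprets it as
// HTML or code (innerHTML, document.write, eval, ...). The server response is
// identical for a benign and a malicious URL, and with location.hash the
// payload is never sent to the server at all.

const SOURCES = [
  /\blocation\.(hash|search)\b/,
  /\bdocument\.(URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];

const SINKS = [
  /\.(innerHTML|outerHTML)\s*=(?!=)/,
  /\.insertAdjacentHTML\s*\(/,
  /\bdocument\.write(ln)?\s*\(/,
  /\b(eval|Function|setTimeout|setInterval)\s*\(/,
];

// "var|let|const x =" or bare "x =" at the start of a statement (not "==").
const ASSIGNMENT = /^(?:var|let|const)?\s*([A-Za-z_]\w*)\s*=(?!=)/;

// Returns one finding per statement in which tainted data reaches a sink.
// Taint propagates only through simple "x = <tainted expression>" assignments;
// the analysis is purely lexical, so it over-approximates (no sanitiser such as
// DOMPurify is modelled) and misses flows through function parameters.
function scanForDomXss(source) {
  const tainted = new Set();
  const findings = [];

  source.split('\n').forEach((rawLine, index) => {
    const line = rawLine.replace(/\/\/.*$/, ''); // strip line comments
    for (const statement of line.split(';')) {
      const stmt = statement.trim();
      if (!stmt) continue;

      const fromSource = SOURCES.some((re) => re.test(stmt));
      const fromTaintedVar = [...tainted].some((id) => new RegExp(`\\b${id}\\b`).test(stmt));
      if (!fromSource && !fromTaintedVar) continue;

      const assigned = ASSIGNMENT.exec(stmt);
      if (assigned) tainted.add(assigned[1]);

      const sinks = SINKS.filter((re) => re.test(stmt)).map((re) => re.source);
      if (sinks.length) findings.push({ line: index + 1, statement: stmt, sinks });
    }
  });
  return findings;
}

// Constructed vulnerable page script: fragment and query string go straight
// into HTML sinks. Note that the fragment (#...) never leaves the browser.
const VULNERABLE = `
// Greets the user by the name in the URL fragment; this value never reaches the server.
const name = decodeURIComponent(location.hash.slice(1));
document.getElementById("greeting").innerHTML = "Hello " + name;
const q = new URLSearchParams(location.search).get("q");
document.write("<p>You searched for " + q + "</p>");
`;

// Constructed hardened rewrite: the same sources, but written to textContent,
// which the browser treats as text rather than parsing it as HTML.
const HARDENED = `
const name = decodeURIComponent(location.hash.slice(1));
document.getElementById("greeting").textContent = "Hello " + name;
const q = new URLSearchParams(location.search).get("q");
const p = document.createElement("p");
p.textContent = "You searched for " + q;
document.body.appendChild(p);
`;

console.log(JSON.stringify(scanForDomXss(VULNERABLE), null, 2));
console.log('hardened findings:', scanForDomXss(HARDENED).length);
```

Run with node; the vulnerable snippet yields two findings (the innerHTML assignment and the document.write call) and the hardened one none. A scanner this simple is a triage aid, not a verdict: it cannot tell a sanitised value from a raw one, so each hit still needs confirming in the browser by loading a URL such as `#<img src=x onerror=alert(1)>` and watching whether the sink executes it.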

May 21, 2020

Why Should You Enable FileVault 2?

The average Mac user might be forgiven for thinking that a meticulously crafted login password is enough to protect their data; however, it may be surprising to learn that password strength alone counts for nothing should a determined attacker get their hands on your machine, because without full-disk encryption the login prompt can simply be bypassed and the data read straight off the drive.

March 23, 2020

S3 and the Anti-Virus Scan

Amazon S3 is a great, cheap and flexible option for sharing and hosting files. What is not so great is that any file can be uploaded to an S3 bucket, and by any file we mean any file, including malicious ones. S3 does not scan uploads for you, and it is very common for people not to check the files that land in their buckets. It is, however, possible to virus-scan files uploaded to S3; it just takes a little bit of work.

February 17, 2020

PHP Deserialisation/Object Injection

PHP deserialisation vulnerabilities are rarely seen on grey-box application assessments; however, they should not be overlooked. This blog looks at PHP deserialisation/object injection, covering how these vulnerabilities can be spotted (unserialize() called on user-controlled data) and the exploit code required to read local files.

January 27, 2020

Injection Attacks

Injection attacks sit at number one in the OWASP Top 10 (2017) list of web application vulnerabilities, and they are not limited to SQL injection. Here we talk about the different types of injection attack, such as OS command, LDAP and NoSQL injection.

January 10, 2020

Masquerade, cracking hashes with known formats

As a penetration tester, I find cracking hashes a great post-exploitation activity, both for the fun and for the value to a client: it provides a great way of showing the severity of an issue (but mostly it's for the fun). In this blog I'll take an in-depth look at cracking hashes with known formats.
